TRACKING SOFTWARE SPECIFICATION, v5
http://www.sharewarejustice.com
COPYRIGHT
Copyright Hitek Software LLC, 1999-2005, All Rights Reserved
The information in this document is subject to change without any prior notice. The specification provided in this document is subject to a non-disclosure agreement. No part of this document may be reproduced, transmitted to other Shareware Developers or any other person, without the written permission of Hitek Software LLC.
HITEK SOFTWARE LLC
1719 Amarelle st.
Newbury Park, CA 91320
http://www.sharewarejustice.com
http://www.hiteksoftware.com
melvin@hiteksoftware.com
Introduction
Modes
Parameters Required
Posting Information
Data added by Tracker
This document is for Shareware developers who would like to start tracking illegal usage of their software. Developers are often surprised to find that for every single legal license purchased, there are at least 10 and very often 100 illegal users. The developers should implement the following system into their software. The code is fairly simple and should take a few hours to implement, but it will be the most rewarding code the developer will have ever written/implemented. We have c++, c#, visual basic, and java source code available to help you.
The developer needs to do the following:
1) Collect the Parameters required as described in Section 3, from
the Users Workstation.
2) Post the required data to the tracking URL that is specified in
Section 4.
The three data posting modes are install, register, and usage. By posting data during all 3 modes described below, the developer increases his chances of proving that an infringement has occurred. These three modes help to develop a timeline of when the software was installed and illegally unlocked to bypass the trial period.
install - install mode data is posted only once, when the user opens up the software for the first time. The developer should maintain a variable, which is read from and saved to disk. This variable should initially be set to false. The variable should be set to true, after the install mode data has been posted to our tracker. Thus the install mode data should only be posted once, for a new install of the software
register - register mode data should be posted when the user clicks on the Register / Unlock Software button in the register / unlock software dialog of the software, and a working code (even if it is an illegal one) is successfully entered.
usage - usage mode data should be posted every X+1 days to the tracker, where X is the software trial period in days. The developer can opt to make this a one-time post only, X+1 day after the registration post. The developer should store the last date/time, the register or usage mode was posted. Every time the software is opened up, this variable (i.e. last post date/time) should be compared against the current time. If the software is registered/unlocked, and if at least X+1 days have past since the last register/usage post, then the usage mode data should be posted again. This usage mode proves beyond doubt that the user has used the software for a period exceeding the trial period. This usage mode in conjunction with the register mode provides indisputable evidence of your case.
Example of Usage Posts:
If your trial period is 30 days, you can post the usage data every
31 days after the registration post.
Example:
Register Post = May 1st
1st Usage post ~ June 2nd or later
2nd Usage post ~ July 3rd or later
The parameters listed in the table should be sent to the tracker.
These exact same parameter names also form the column headings of the tracking
database.
| authorid | Provided to you when you signed up with Hitek Software. Only enter this when using POST method. When using GET method, set this value = *** |
| authorpwd | Provided to you when you signed up with Hitek Software. Only enter this when using POST method. When using GET method, set this value = *** |
| mode | Valid values are: install register usage |
| program | Software title |
| version | Software version ex: 6.12 etc.. |
| key | Registration key . This value is required for the 'register' and 'usage' modes. For the install mode, this value should be - |
| key2 | Optional value, if the registration requires two inputs. For the install mode, this value should be - |
| computer | computer name |
| ip_internal | ip address of the workstation on the network.
Typically for a workstation within a Company LAN this would be 192.168.0.5
etc..
|
| username | username logged on to workstation |
| domain | domain on local network |
| os | Operating system name (windows xp, or windows 2000 etc.. or linux or MacOSX etc..) |
| userdate | Full date/time string on the users workstation
in the following format: May 20, 2005 1:49:18 PM EST
The short string time zone should be specified. |
| timezone | Workstations full timezone string, Example: Eastern Standard Time or Pacific Standard Time etc.. |
| country | Workstations country setting, Example: United States or Canada |
| owner
(optional) |
This value should be obtained from the Registry
for Windows systems. This value has proven very useful to determine the
identities of the users.
Windows NT Family
Windows 95 Family
|
| organization
(optional) |
This value should be obtained from the Registry
for Windows systems. This value has proven very useful to determine the
identities of the users.
Windows NT Family
Windows 95 Family
|
| author1
- author10 |
This is optional information that the author can request from the user in a registration form - Example: Name, Address, Email etc. If the user enters a tab or newline, these characters should be replaced by [tab] or [line] or ', '. |
| tracker1
- tracker10 |
This is optional information that an author can add, that may be useful in tracking. The author SHOULD clearly state in the End User License Agreement, all the information that is collected. |
| fbEmail | This parameter should be sent only during testing, and while using the test.pl script only. The data posted to the test database is sent to you via email. This is usefull to recieive feedback during testing. |
After the developer has gathered all the information listed in section 3, the program should open an Http connection, and post data to the following URLs. Full java and c# source code is provided to collect and post data.
For testing, use the test.pl script:
http://www.sharewarejustice.com/cgi-bin/test.pl
GET mode example:
http://www.sharewarejustice.com/cgi-bin/test.pl?authorid=***&authorpwd=****&mode=install&product=.............
GET mode example with feedback to test@test.com:
http://www.sharewarejustice.com/cgi-bin/test.pl?authorid=***&authorpwd=****&........&fbEmail=test@test.com
Reply:
The perl script will return, in the output stream,
the entire data line that is added to the database. If you import
this data line into a spreadsheet (tab delimited import), you will see
that it has exactly 50 columns.
The data should first be Posted using the GET method. The web server logs will record all the parameters when you use the GET method. Most users at businesses or corporations are behind firewalls or proxy servers, which log all http activity for each user. Posting data using the GET method ensures that the organization can verify our infringement claims, even if the offending infringer removes your software completely from his / her workstation. The same information is also posted to our SharewareJustice logs, as well as into our tracking database by the tracker.pl script. When posting data using the GET method, the authorid and authorpwd should be set to ***.
OPTIONAL: For the Register and Usage modes ONLY, the same data can then be Posted again using the POST method. When posting in the POST method, your authorid and authorpwd should be entered. The Shareware Justice web server logs and the users outgoing proxy server logs will not see any parameters that are sent. This double post servers as authentication and confirmation.
Example of GET entry in Apache server logs:
x.x.x.x - - [10/Jan/2004:10:38:24
-0400] "GET /cgibin/test.pl?authorid=testID&authorpwd= testPwd&mode=Register&program=testProg_CL&version=1.0&key=xyzKEY&key2=&owner=melvin&organization
=&country=United+States&userdate=Sunday%2c+July+10%2c+2005+7%3a38%3a24+AM&timezone=Pacific+
Standard+Time&ip_internal=192.168.0.3&computer=lap&username=melvin&domain=LAP&os=Microsoft
+Windows+NT+5.1.2600+Service+Pack+2&author1=&author2=&author3=&author4=&author5=&author6
=&author7=&author8=&author9=&author10=&tracker1=&tracker2=&tracker3=&tracker4=&tracker5=
&tracker6 =&tracker7=&tracker8=&tracker9=&tracker10=
HTTP/1.1 " 500 1499 "-" "-"
Example of POST entry in Apache server logs:
x.x.x.x - - [10/Feb/2004:05:12:18
-0400] "POST /cgi-bin/test.pl HTTP/1.1" 200 206 "-" "-"
Possible Issues:
1) During Get mode, there is a limit on the URL length that can be
sent by your development tool, as well as the maximum length that can be
received by our apache web server. The GET urls are typically only
500-1000 characters at the most. We have tested with 2000 character
strings and have had no problems. If you have a very large license
key, then you should only send the first 100 characters of it.
2) Add a delay between the GET and the POST, or ensure that the POST
is started only after the GET is complete.
The author sends 37 fields as defined in section 3. The tracker.pl
script adds 13 fields to the database entry as shown below. Hence
the database table has exactly 50 columns. The last column is the
primary key. The primary key is always required, and will be unique
within the database table. The data row will only be imported into
the database if the primary key exists.
| date | Full local date/time string on the sharewarejustice.com web server |
| servertimezone | The short timezone string (EDT or PDT etc..) |
| ip_external | This is the external ip address of the workstation that has posted the data to the tracker.pl script. This is the single most important field in determining the identity of the infringer. |
| host | This is the external hostname of the organization, for the workstation, that has posted the data to the tracker.pl script. This is typically the proxy server or other firewall or server, that is responsible for the http requests of the organization. |
| legal1
- legal3 |
These fields are for Hitek Software comments |
| hitek1
- hitek5 |
These fields are for Hitek Software comments |
| primkey | This is the table Primary Key. primkey = ip_external & date strings concatenated together. |